Keycloak AWS SES Email Integration - Each realm corresponding to its own AWS SES account

Hi,

We are trying to integrate Keycloak with AWS SES. Currently, we are using a username and password (based on the access key and secret key of IAM). However, for security, the access key and secret key will be rotated in 90 days, which could interrupt service. We are looking for alternative ways such as a service account (using an IAM role instead of credentials) …

We saw there is an option, GitHub - dasniko/keycloak-aws-ses-email-provider: Drop-in Email Provider SPI replacement for Keycloak to send emails via AWS Simple Email Service (SES). Demo purposes only. I don’t see a way to configure credentials or permissions to access AWS SES, and it seems to be configured for all realms.

However, we would like to configure a different AWS SES account for each realm.

Any suggestion or guideline to resolve this point would be very much appreciated!

Thanks,
Uyen Vu

What you are asking for is nothing Keycloak related. See AWS docs on how to configure the desired and required credentials.

Hi @dasniko
We understand that this configuration comes from AWS, but in the Keycloak admin UI, we don’t see an option to use an IAM Role for SES; it only provides an option for an IAM User.


In summary, does Keycloak support using IAM Roles for SES?

Keycloak only supports sending emails through SMTP. In your screenshot, you are using the SMTP option of SES with an IAM user.

If you want to use something different, you have to implement it. Keycloak does not support any Cloud-Vendor specific APIs ootb.
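
The SMTP username and password discussed in this thread are tied to the IAM access key: the username is the access key ID and the password is derived from the secret key and the SES region. The sketch below is an added example, not code from the thread or from Keycloak; it follows the derivation AWS documents for SES SMTP credentials, and the key values, regions, realm names and the `realm_smtp_settings` helper are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fixed inputs of the AWS-documented SES SMTP password derivation.
DATE, SERVICE, TERMINAL, MESSAGE, VERSION = (
    "11111111", "ses", "aws4_request", "SendRawEmail", 0x04)


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def ses_smtp_password(secret_access_key: str, region: str) -> str:
    """Derive the SES SMTP password for one IAM secret key in one region."""
    sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), DATE)
    for part in (region, SERVICE, TERMINAL, MESSAGE):
        sig = _sign(sig, part)
    return base64.b64encode(bytes([VERSION]) + sig).decode("ascii")


def realm_smtp_settings(access_key_id: str, secret_access_key: str, region: str) -> dict:
    """Hypothetical helper: the SMTP values one realm would be given."""
    return {
        "host": f"email-smtp.{region}.amazonaws.com",
        "user": access_key_id,  # SMTP username is the access key ID
        "password": ses_smtp_password(secret_access_key, region),
    }


if __name__ == "__main__":
    # Constructed sample keys, one IAM user (one AWS account) per realm.
    realms = {
        "realm-a": ("AKIAEXAMPLEREALMA", "constructed-secret-a", "eu-west-1"),
        "realm-b": ("AKIAEXAMPLEREALMB", "constructed-secret-b", "us-east-1"),
    }
    for name, (key_id, secret, region) in realms.items():
        print(name, realm_smtp_settings(key_id, secret, region))

    # Rotating the secret key yields a different SMTP password, so the
    # realm's stored password must be updated in the same rotation step.
    before = ses_smtp_password("constructed-secret-a", "eu-west-1")
    after = ses_smtp_password("constructed-secret-a-rotated", "eu-west-1")
    print("password changed by rotation:", before != after)
```

Because the password is a pure function of the secret key and region, a rotation job can compute the new value and update the affected realm's SMTP settings at the moment it issues the new key.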